[jira] [Commented] (HADOOP-11321) copyToLocal cannot save a file to an SMB share unless the user has Full Control permissions.

Tue, 09 Dec 2014 15:08:31 -0800 

    [ 
https://issues.apache.org/jira/browse/HADOOP-11321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14240248#comment-14240248
 ] 

Chris Nauroth commented on HADOOP-11321:
----------------------------------------

bq. The solution is in the samba case is just to open up your umask and then 
the create will succeed with the desired permission.

Technically, we're not going to need any Hadoop code changes or changes to 
umask to support a Linux client with a Samba mount.  This works (or at least it 
doesn't fail the client), because CIFS mounts are implemented to silently 
ignore chmod failures, as described in my earlier comment.

bq. Let me know if you want help on the fchmod thing... we could split this 
JIRA into one for Windows and one for Linux. Or maybe it makes sense to keep it 
all here, and just do it for both platforms in this patch?

Thanks for volunteering, [~cmccabe].  I'm about to post a patch shortly.  Based 
on what I have so far, I suspect the Linux {{fchmod}} support will be a fairly 
small incremental thing.  Let me know your thoughts after you see the patch, 
and then we can make a call on whether or not to roll it all into one patch 
here or split it out separately.

> copyToLocal cannot save a file to an SMB share unless the user has Full 
> Control permissions.
> --------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-11321
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11321
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs
>    Affects Versions: 2.6.0
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>         Attachments: HADOOP-11321.1.patch, HADOOP-11321.2.patch, 
> winutils.tmp.patch
>
>
> In Hadoop 2, it is impossible to use {{copyToLocal}} to copy a file from HDFS 
> to a destination on an SMB share.  This is because in Hadoop 2, the 
> {{copyToLocal}} maps to 2 underlying {{RawLocalFileSystem}} operations: 
> {{create}} and {{setPermission}}.  On an SMB share, the user may be 
> authorized for the {{create}} but denied for the {{setPermission}}.  Windows 
> denies the {{WRITE_DAC}} right required by {{setPermission}} unless the user 
> has Full Control permissions.  Granting Full Control isn't feasible for most 
> deployments, because it's insecure.  This is a regression from Hadoop 1, 
> where {{copyToLocal}} only did a {{create}} and didn't do a separate 
> {{setPermission}}.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to